supply-chain-secure-publish
CommunitySecurely publish npm packages with Bun.
Authortacogips
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill provides robust security measures to prevent supply chain attacks during the creation and publishing of npm packages, ensuring the integrity and safety of your code.
Core Features & Use Cases
- npm Account Security: Enforces 2FA and provides best practices for npm token management.
- Trusted Publishing: Integrates with GitHub Actions using OIDC to eliminate stored secrets.
- Package Provenance: Enables verifiable links between published code and its source.
- Pre-Publish Checklist: Guides users through essential security checks before publishing.
- Use Case: A developer is setting up a CI/CD pipeline to publish a new npm package and wants to ensure it's protected against common supply chain vulnerabilities like those seen in the Shai-Hulud attacks.
Quick Start
Use the supply-chain-secure-publish skill to set up trusted publishing for your npm package using GitHub Actions.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-secure-publish Download link: https://github.com/tacogips/QraftBox/archive/main.zip#supply-chain-secure-publish Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.